Preparing and importing a signed CA certificate

LL#18047 created on Jul 13th, 2015, last modified on May 22nd, 2018

Issue

There is no information on how to create and prepare signed certificates for import into SBO. The PEM file format has to be used. If another format is used, or the certificate files are not correct, a message is displayed when importing.

Product Line

SmartStruxure Solution

Environment

Certificates

Cause

There is no information on how to create signed certificates in SBO.

Resolution

When preparing the pfx file, make sure that the full chain of trust is included in it. You have various options when preparing a pfx certificate export file; the private key and the chain of trust are options that must be selected. If they are not included in the pfx file, you won't be able to extract the intermediate certificate or the private key.

1. Complete a Certificate Request and then request a certificate in PEM format in a .pfx file "container".

2. Extract the CA certificate, Intermediate certificate and private key using the following OpenSSL commands.

After executing each command, enter the password if prompted.

Make sure you reference the right pfx file. Below, filename.pfx is used as an example.

Make sure you enter the commands manually and do not copy/paste from this article.

4. The three files produced must then be stripped of any characters that are not part of the certificate/key in PEM format, basically all the characters before "-----BEGIN CERTIFICATE-----" or after "-----END CERTIFICATE-----". Make sure each file ends with a blank line. This can be done in Notepad.

5. Import the files into SBO using the certificate manager in the Control Panel.
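The cleanup in step 4 can also be scripted rather than done by hand. The script below is an added example, not part of the original article: the helper names (`clean_pem`, `pem_labels`, `sample_export`) and the file names are hypothetical, and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example for step 4; helper names are hypothetical, not from SBO or OpenSSL.

# clean_pem: read an extracted file on stdin and write only its PEM blocks.
clean_pem() {
    awk '
        { sub(/\r$/, "") }                            # drop Windows line endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ { inside = 1 }
        inside { print }                              # keep BEGIN..END inclusive
        /^-----END [A-Z0-9 ]+-----$/   { inside = 0 }
        END { print "" }                              # end with a blank line
    '
}

# pem_labels: print the type of each block (CERTIFICATE, PRIVATE KEY, ...),
# so each file can be checked for the expected content before import.
pem_labels() {
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            sub(/^-----BEGIN /, ""); sub(/-----$/, ""); print
        }
    '
}

# sample_export: constructed input shaped like OpenSSL pkcs12 output, with
# attribute text around the block. The base64 body is a placeholder.
sample_export() {
    printf '%s\r\n' 'Bag Attributes' \
        '    friendlyName: constructed sample' \
        'subject=CN = sbo.example.test' \
        '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' \
        'stray trailing text'
}

# Usage: ./clean_pem.sh extracted.pem  -> writes extracted.pem.clean
if [ "$#" -eq 1 ]; then
    umask 077                                  # output may contain a private key
    clean_pem < "$1" > "$1.clean"
    echo "blocks in $1.clean:"; pem_labels < "$1.clean"
else
    sample_export | clean_pem                  # demo on the constructed sample
fi
```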

File type conversion

If the host and intermediate certificates are in crt, cer or der format, you can convert them to PEM format using the following method/command:

To determine which filetype a given certificate file has (PEM, DER, or pkcs12/pfx), you can use the following commands (replace "cert.crt" with the name of your file). A valid output will confirm the file type.